
TL;DR: OpenClaw 2026.4.1 lands the /tasks chat-native task board, the bundled SearXNG web_search provider, Amazon Bedrock Guardrails support, and macOS Voice Wake, on top of the 2026.3.28 fix for CVE-2026-33577, an insufficient-scope-validation flaw in node pairing. Patch first, explore the new surface area second.
The full changelog is on the release page at github.com/openclaw/openclaw/releases/tag/v2026.4.1. This post walks through the parts that matter most for operators.
/tasks is now first-class as a chat-native background task board for the current session (PR #54226). The release notes describe /tasks as "a chat-native background task board for the current session, with recent task details and agent-local fallback counts when no linked tasks are visible." It's session-scoped (a way to surface what background work is in flight from inside chat), not a replacement for Linear or Jira. PR #54226 is credited to @vincentkoc.
Two of the same release's fixes also touch this surface: the task registry maintenance sweep no longer stalls the gateway event loop under SQLite pressure (#58670), and /status and session_status now hide stale completed background tasks and prefer live task context (#58661). If you tried /tasks on an earlier branch and watched the gateway hang ~60 seconds after start, those were the symptoms; both are gone in 2026.4.1.
The release adds a bundled SearXNG provider plugin for web_search with configurable host support (#57317, credited to @cgdusek). Practically, that means you can point web_search at a SearXNG instance, including a local one, without a third-party API key. The release notes do not bundle a SearXNG runtime; you bring the host, OpenClaw provides the provider plugin.
Amazon Bedrock/Guardrails: add Bedrock Guardrails support to the bundled provider (#58588, credited to @MikeORed). For teams already on Bedrock, this is the cleanest path to enforced input/output filtering inside OpenClaw without a sidecar. The release notes don't define a new schema; configuration follows the existing bundled-provider pattern.
A related fix in the same release: chat error replies no longer leak raw provider/runtime failures into external channels, and there's a specific /new hint for Bedrock toolResult / toolUse session mismatches (#58831). If you've been seeing cryptic Bedrock errors land in Slack or Telegram, that's the one.
macOS/Voice Wake: add the Voice Wake option to trigger Talk Mode (#58490, credited to @SmoothExec). The release notes describe the trigger only (they don't specify the wake-word detector or STT backend), so this post will not either. Treat it as a Talk Mode entry point, not a full voice stack.
The 2026.4.1 release is dense. A few entries worth highlighting:
gateway.webchat.chatHistoryMaxChars and per-request maxChars to make webchat history truncation configurable (#58900).
agents.defaults.params for global default provider parameters (#58548, @lpender).
auth.cooldowns.rateLimitedProfileRotations to cap same-provider auth-profile retries before falling back across providers (#58707, @Forgely3D).
openclaw cron --tools for per-job tool allowlists (#58504, @andyk-ms).
glm-5.1 and glm-5v-turbo (#58793, @tomsun28).
/model changes are queued behind busy runs and applied on the next turn rather than interrupting the active one.
allow-always now persists as durable user-approved trust instead of behaving like allow-once; static allowlist entries no longer silently bypass ask:"always"; openclaw doctor warns when tools.exec is broader than ~/.openclaw/exec-approvals.json. Credit @scoootscooob and @vincentkoc.
Per NVD: "OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired nodes beyond their authorization level." Classified CWE-863 (Incorrect Authorization). NVD lists CVSSv3.x 8.1 (HIGH) and CVSSv4 8.6 (HIGH), which is important, but not the 9.8-Critical figure earlier drafts of this post claimed.
What that means in practice: an authenticated operator with a narrow scope could approve a pairing request that granted the new node a broader scope than the approver themselves held. The fix shipped in 2026.3.28; 2026.4.1 inherits it. If you're running multi-node clustering on anything older, upgrade now and audit your paired nodes: openclaw nodes list is the place to start, and any node whose granted scope exceeds the approving operator's scope is the suspicious shape.
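The subset check and the paired-node audit described above, as an added TypeScript example that is not OpenClaw's own code. The record shape, the operator names and the scope names are constructed assumptions; the page does not show the output format of openclaw nodes list, so the example assumes the pairings have already been exported into this shape and that scopes are flat strings compared exactly.

```typescript
// Added illustration, not OpenClaw source. Scope names, operator names and the
// record shape are constructed; scopes are assumed to be flat strings compared exactly.
interface PairingRecord {
  nodeId: string;
  approvedBy: string;        // operator who approved the pairing
  grantedScopes: string[];   // scopes the paired node ended up with
}

interface Finding {
  nodeId: string;
  approvedBy: string;
  excess: string[];          // scopes the node holds that the approver did not
}

// Scopes in `requested` that the caller does not hold.
function excessScopes(callerScopes: string[], requested: string[]): string[] {
  const held = new Set(callerScopes);
  return requested.filter((scope) => !held.has(scope));
}

// Approval-time check: an approver can never grant more than they hold.
function canApprove(callerScopes: string[], requested: string[]): boolean {
  return excessScopes(callerScopes, requested).length === 0;
}

// After-the-fact audit of existing pairings. An approver missing from the
// operator table is treated as holding no scopes, so the pairing is flagged.
function auditPairings(records: PairingRecord[], operators: Map<string, string[]>): Finding[] {
  const findings: Finding[] = [];
  for (const rec of records) {
    const excess = excessScopes(operators.get(rec.approvedBy) ?? [], rec.grantedScopes);
    if (excess.length > 0) {
      findings.push({ nodeId: rec.nodeId, approvedBy: rec.approvedBy, excess });
    }
  }
  return findings;
}

// Constructed sample data.
const operators = new Map<string, string[]>([
  ["alice", ["pairing.approve", "nodes.read", "nodes.exec"]],
  ["bob", ["pairing.approve", "nodes.read"]],
]);
const pairings: PairingRecord[] = [
  { nodeId: "node-a", approvedBy: "alice", grantedScopes: ["nodes.read", "nodes.exec"] },
  { nodeId: "node-b", approvedBy: "bob", grantedScopes: ["nodes.read", "nodes.exec"] },
  { nodeId: "node-c", approvedBy: "carol", grantedScopes: ["nodes.read"] },
];

const findings = auditPairings(pairings, operators);
console.log(JSON.stringify(findings, null, 2));
```

A flagged node is a lead for review, not proof of abuse: operator scopes may have been reduced since the pairing was approved.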
2026.4.1 is a substantive release: a new task surface, a search provider that removes a third-party dependency, native Bedrock Guardrails, and a macOS voice trigger. None of that is interesting if you're still on a vulnerable build. Upgrade past 2026.3.28, then go enjoy the new toys.